Carlos E. R. wrote:
On 2016-03-17 16:22, Per Jessen wrote:
Carlos E. R. wrote:
Unless the rule:
restrict -4 default kod notrap nomodify nopeer noquery
That one sets the default restrictions for IPv4.
is negated by the later rule:
restrict 192.168.1.0 mask 255.255.255.0 notrust
That rule I had is default in the ntp config.
I don't think so. I don't use authentication on our internal network, and I've never had to remove or comment out that restriction. (never= at least since 11.x).
It is absurd to disable local time queries for non authenticated clients on the local LAN, when any client on the whole internet has access.
That restriction works the other way though - it restricts time info from unauthenticated _servers_. It's more important for the client to know that it's getting the time info from the correct server.
I should have to check what is the default on Leap, and then perhaps report a bug.
These are the current defaults - except in the "restrict -[46]" lines where I've removed "nopeer": Leap421: office34:~ # egrep '^#?restrict' /etc/ntp.conf #restrict 192.168.123.0 mask 255.255.255.0 notrust restrict -4 default notrap nomodify noquery restrict -6 default notrap nomodify noquery restrict 127.0.0.1 restrict ::1 openSUSE 13.2: guest54:~ # egrep '^#?restrict' /etc/ntp.conf #restrict 192.168.123.0 mask 255.255.255.0 notrust restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify noquery restrict 127.0.0.1 restrict ::1 openSUSE 13.1: office11:~ # egrep '^#?restrict' /etc/ntp.conf restrict -4 default kod notrap nomodify noquery restrict -6 default kod notrap nomodify noquery restrict 127.0.0.1 restrict ::1 On 12.3, ntop.conf had no restrict lines at all, I guess that was before the DDoS attack waves. -- Per Jessen, Zürich (8.3°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org